[74738] in North American Network Operators' Group
Re: BCP38 making it work, solving problems
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Wed Oct 13 12:59:53 2004
Date: Wed, 13 Oct 2004 17:59:18 +0100 (BST)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Paul Vixie <vixie@vix.com>
Cc: nanog@merit.edu
In-Reply-To: <g3oej6o8ya.fsf@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu
On 13 Oct 2004, Paul Vixie wrote:
> > >How many people have seen "forged" spoofed IP addresses being used for DOS
> > >attacks lately?
>
> syn-flood protection, and random TCP ISS, are now common enough that
> spoofed-source isn't effective for TCP flows. if you want to bring down
> somebody's web server then blackhats really do have to use real addresses.
of course the docs were written a couple years ago, and things have changed a
lot in that time. the proliference of and ease of establishing bot networks is
such that their controllers dont care if you track them and shut them down as
they are easily replaced
Steve
